asked on

SMTP Virtual Server Current Sessions showing some strange domain connections

I am seeing lots of sessions in our SMTP virtual server that I dont think should be there. They are from some very odd domains including .hu, .it, .lb, etc. Does this mean I have been comprimised? I will make sure open-relay is not on, is there anything else I need to do?

Greg Jacknow

If you haev an internet facing server you are going to see a lot of mail in your outgoing queue that are bounces from all sorts of span and other stuff setn to old/bad addresses. Obviously the spam return addresses are mostly junk so they sit there in your outgoing queue and are retried. This could be what you are seeing.

Greg J

globalwm

ASKER

I am specifically talking about the Current Sessions on the smtp virtual server.

ASKER CERTIFIED SOLUTION

adolphus850

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

manelson05

I am also having the same problem. Under the virtual servers/sesions I have two users one named Hp2345345491 with an ip located in italy and the other authenticated user name localhost with ip in turkey.
Relay is off, if I disable these accounts in the virtual server all smtp mail fails, if I delete the internal address of the mail server 192.168.1.251(192.168.1.248) things stop working I am in need of any help to resolve.

trouble9306

I am having a similar problem, lots and lots of spam and current sessions open from all over the world. I had a guy call me from states away to say that exchange was sending spam. I terminate the sessions but I just logged in to my server and have 4 more current session from two different places. I have had it checked for open relay but was told there was no open relays. We have also been getting some mail returned undeliverable and I am thinking we may be getting blacklisted. also if I am being blacklisted how can I find out an fix it.